In the first 203 days of 2018, there were 668 publicly-disclosed breaches of major organizations in the U.S. At this rate, more than 1,200 breaches — or more than three per day — will occur this year.

That said, cybersecurity breaches are not inevitable, despite popular belief. There are proven techniques in use today by large and small companies with limited staff and budgets that can fend off most attacks and dramatically reduce the damage of attacks. Successful security programs today are focused on breach avoidance and damage reduction, not simply shortening their incident response time.

Balbix commissioned the SANS Institute to research success factors from enterprises that have done the best job avoiding breaches and minimizing business damage. As a result of its independent research, the SANS Institute recently published a paper identifying and describing these success factors in greater detail. The paper, “Breach Avoidance: It Can Be Done, It Needs to Be Done,” names the following actions as key factors in enabling enterprises of all sizes, structures, and industries to successfully avoid breaches.

Using a Cybersecurity Framework to Prioritize “Protect the Business”

The use of a cybersecurity framework that prioritizes actions and controls by business risk helps enterprises focus on what security processes and controls are the most important to successfully avoid incidents that would disrupt business operations or expose customer information. Examples of cybersecurity frameworks that support business protection and risk reduction include NIST Cyber Security Framework, CIS Critical Security Controls, PCI Data Security Standards Prioritization Guidelines, and Health Information Trust Alliance Common Security Framework.

Instituting Continuous Monitoring of Assets

Successful enterprises know what systems, applications, and data are in use by the business and have accurate, timely information on vulnerabilities, which enables proactive efforts to mitigate or shield systems before attacks are launched. Simply being compliant with periodic vulnerability scanning is not sufficient. Using a mix of network-, host-, and credential-based sensors on a continuous and automatic basis is the best way to manage inventory and vulnerability data across all IT assets.

Mapping Against Real-World Threats

Mature cybersecurity asset inventory and vulnerability management processes produce huge numbers of vulnerability alerts. Converting every alert into a trouble ticket will surely overwhelm IT operations staff with what are most likely low-priority or false-positive requests. Companies that first map vulnerabilities against active threats, and then against the criticality of the affected asset to business operations, are more effective at driving the patching, reconfiguration, or shielding actions needed to reduce breach risk. Tools that automate this analysis further boost this responsiveness, especially for companies with limited SecOps skills or resources.
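The two steps described above, maintaining an asset inventory with business context and then ranking scanner findings by active exploitation before raw severity, can be illustrated with a small prioritizer. The following is an added example written for this post; it is not code from the SANS paper or from Balbix. The asset inventory, threat feed, scanner findings, weights and ticket threshold are all constructed sample data, and the CVE-style identifiers are placeholders rather than real CVE numbers.

```python
"""Rank vulnerability findings by active threat and asset criticality.

Added illustration (not the SANS paper's or Balbix's code). All inventory,
threat-feed and scanner data below is constructed; the "CVE-0000-000x"
identifiers are placeholders, not real CVE numbers.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    cvss: float  # base severity as reported by the scanner


# Constructed asset inventory: business criticality on a 1 (low) to 5
# (critical) scale, the context a continuous inventory process should keep.
ASSET_CRITICALITY = {
    "erp-db-01": 5,
    "web-01": 4,
    "build-agent-03": 2,
    "kiosk-17": 1,
}

# Constructed threat feed: vulnerabilities currently seen in active exploitation.
ACTIVELY_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0003"}

# Constructed scanner output. Note that "lab-vm-x" is missing from the
# inventory, the kind of gap continuous monitoring is meant to surface.
FINDINGS = [
    Finding("erp-db-01", "CVE-0000-0001", 7.5),
    Finding("erp-db-01", "CVE-0000-0002", 9.0),
    Finding("web-01", "CVE-0000-0003", 6.5),
    Finding("build-agent-03", "CVE-0000-0002", 9.0),
    Finding("kiosk-17", "CVE-0000-0004", 5.3),
    Finding("kiosk-17", "CVE-0000-0001", 7.5),
    Finding("lab-vm-x", "CVE-0000-0003", 6.5),
]

# Assumed weights: an actively exploited vulnerability counts three times
# as much as one that is not, so threat outranks raw CVSS severity.
EXPLOITED_MULTIPLIER = 3.0
DEFAULT_CRITICALITY = 1  # applied to assets the inventory does not know


def unknown_assets(findings, criticality=ASSET_CRITICALITY):
    """Assets the scanner saw but the inventory does not track (an inventory gap)."""
    return {f.asset for f in findings if f.asset not in criticality}


def risk_score(f, exploited=ACTIVELY_EXPLOITED, criticality=ASSET_CRITICALITY):
    """Score = CVSS x threat multiplier x asset criticality."""
    threat = EXPLOITED_MULTIPLIER if f.vuln_id in exploited else 1.0
    return f.cvss * threat * criticality.get(f.asset, DEFAULT_CRITICALITY)


def prioritize(findings, exploited=ACTIVELY_EXPLOITED,
               criticality=ASSET_CRITICALITY, ticket_threshold=50.0):
    """Split findings into (ticketed, deferred), each sorted by descending score.

    Only findings at or above the threshold become tickets for IT operations;
    the rest stay tracked in the vulnerability backlog instead of flooding the queue.
    """
    scored = sorted(((risk_score(f, exploited, criticality), f) for f in findings),
                    key=lambda pair: pair[0], reverse=True)
    ticketed = [(s, f) for s, f in scored if s >= ticket_threshold]
    deferred = [(s, f) for s, f in scored if s < ticket_threshold]
    return ticketed, deferred


if __name__ == "__main__":
    tickets, backlog = prioritize(FINDINGS)
    print("Ticket now:")
    for score, f in tickets:
        print(f"  {score:6.1f}  {f.asset:15} {f.vuln_id}  (CVSS {f.cvss})")
    print("Track in backlog:")
    for score, f in backlog:
        print(f"  {score:6.1f}  {f.asset:15} {f.vuln_id}  (CVSS {f.cvss})")
    print("Assets missing from inventory:", sorted(unknown_assets(FINDINGS)))
```

With the constructed data, the CVSS 9.0 finding on the ERP database is not the first ticket: the CVSS 7.5 finding on the same host is, because it is under active exploitation, and the same exploited vulnerability on the kiosk stays in the backlog because that asset barely matters to operations. The unknown-asset check is the inventory side of the same loop; a finding on an untracked host gets a low default weight, which is exactly why such gaps need to be closed rather than silently scored.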

Developing and Updating “Playbooks” That Incorporate Tool Support and Automation

In discussing cybersecurity, the term “playbook” refers to incident response processes in which techniques and procedures are documented so that the actions taken after the detection of an incident are repeatable and complete. These playbooks should be defined by an expert security analyst and documented so that lesser-skilled analysts can step in to respond to routine events, allowing the highly-skilled analyst to focus on unique or crisis events. As threats are continuously changing and evolving, companies can leverage automation and orchestration to dynamically contextualize and update playbooks, prioritizing the needed actions and associated fixes more accurately.

SANS found the above factors to be common in businesses that successfully avoid breaches. By focusing resources on protecting the most critical business assets against the most damaging potential threats, companies can prevent breaches and drastically reduce the business impact of any that do occur.

In addition to expanding on these core success factors, the SANS Institute paper offers metrics that all companies should track to understand both their level of risk and their opportunities to improve security operations. It also discusses the importance of proactive and strategic approaches to reducing risk and appropriately prioritizing proactive actions.

The full paper can be downloaded on the SANS Institute website at this link. Please note, SANS registrant credentials are required to access it.